On 21.07.2015 at 20:33, André Hentschel wrote:
- if (loadcfg && loadcfg_size >= sizeof(*loadcfg) &&
(ULONG_PTR)ptr > loadcfg->SecurityCookie &&loadcfg->SecurityCookie < (ULONG_PTR)ptr + total_size) set_security_cookie((ULONG_PTR *)loadcfg->SecurityCookie);
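Review bot: the upper bound `loadcfg->SecurityCookie < (ULONG_PTR)ptr + total_size` only tests the cookie's first byte, so a cookie placed in the last sizeof(ULONG_PTR)-1 bytes of the image passes the check and set_security_cookie() then writes past the mapped range; compare the cookie's end instead, e.g. `loadcfg->SecurityCookie + sizeof(ULONG_PTR) <= (ULONG_PTR)ptr + total_size`. The lower bound `(ULONG_PTR)ptr > loadcfg->SecurityCookie` as quoted is satisfied only by a cookie below the image base and excludes a cookie at the base itself; `(ULONG_PTR)ptr <= loadcfg->SecurityCookie` is what is wanted. Style: missing space in `&&loadcfg`.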
Your check doesn't take the size of the security cookie into account. If the cookie were only partially inside the image area, the check would still succeed although not all of the memory is writable.
The check for the lower limit should use <= instead of >: (ULONG_PTR)ptr <= loadcfg->SecurityCookie
Is it possible to have an unmapped space between mapped sections? According to the NT section header it should be possible, but I am not sure if Wine fills this area.
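The two points raised in this reply, the cookie's own size and possible unmapped gaps between sections, as an added example that is not part of the patch or of Wine's code; `mapped_range`, `fully_inside`, `cookie_in_image` and `example_gap_cookie` are constructed names for this illustration, and `ULONG_PTR` is stood in for by `uintptr_t`:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Stand-in for Windows' ULONG_PTR (constructed for this example). */
typedef uintptr_t ULONG_PTR;

/* One mapped range of the image, [start, start + size). Constructed model of a
 * section as it ends up in memory; not Wine's own data structure. */
struct mapped_range {
    ULONG_PTR start;
    size_t    size;
};

/* True if every byte of an object of obj_size bytes at addr lies inside
 * [start, start + size). Written so that no addition can wrap around. */
static bool fully_inside(ULONG_PTR addr, size_t obj_size, ULONG_PTR start, size_t size)
{
    if (obj_size > size) return false;       /* object larger than the whole range */
    if (addr < start) return false;          /* lower bound: <= start is allowed, not < */
    /* Both subtractions are safe after the checks above. */
    return addr - start <= size - obj_size;  /* the object's last byte is still inside */
}

/* Whole-image check: the cookie must lie entirely within [ptr, ptr + total_size),
 * so a cookie that straddles the end of the image is rejected. */
static bool cookie_in_image(ULONG_PTR ptr, size_t total_size, ULONG_PTR cookie)
{
    return fully_inside(cookie, sizeof(ULONG_PTR), ptr, total_size);
}

/* Stricter check: the cookie must lie entirely within one mapped section, so a
 * cookie that falls into an unmapped gap between sections is rejected too. */
static bool cookie_in_mapped_section(const struct mapped_range *sections, size_t count,
                                     ULONG_PTR cookie)
{
    for (size_t i = 0; i < count; i++)
        if (fully_inside(cookie, sizeof(ULONG_PTR), sections[i].start, sections[i].size))
            return true;
    return false;
}

/* Constructed layout: two 4 KiB sections with an unmapped 4 KiB gap between them. */
static bool example_gap_cookie(ULONG_PTR cookie)
{
    const struct mapped_range sections[] = { { 0x10000, 0x1000 }, { 0x12000, 0x1000 } };
    return cookie_in_mapped_section(sections, 2, cookie);
}
```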